Blog

Fitbit and Google Partnership May Raise Privacy Concerns

Depending on which side of the privacy debate you're on, you're either going to love or hate this announcement:

"Fitbit intends to use Google's new Cloud Healthcare API to help the company integrate further into the healthcare system, such as by connecting user data with electronic medical records."

Rarely has a single sentence been so fraught with risk, while simultaneously promising such great opportunity.

On the plus side, the potential for innovation is virtually unlimited, and this new partnership will no doubt be a boon for the still-struggling wearables market. There are also potential increases in health care delivery efficiency, but the privacy concerns surrounding the issue are very real.

One has to only think back to the recent Allscripts fiasco, in which some 1,500 healthcare providers found themselves impacted by a nasty ransomware attack.

Google already collects copious amounts of data on its users, and with Fitbit angling to tap into healthcare records, the amount of private and personally identifiable information collected on users is bound to grow exponentially.

In addition to that, depending on exactly what data Fitbit attempts to link, it could very well make them a "business associate" from a HIPAA perspective. This can expose one or both companies to increased liabilities and vastly stricter standards on how the data can be used, and the steps that must be taken to safeguard it.

Right now, those details are very much in the air, and the issue could go either way. But there are some legal experts who believe that Google and Fitbit will be able to skirt the issue sufficiently so that they will not gain the "business associate" classification.

For Fitbit's part, the company had this to say: "We have a longstanding commitment to privacy and data, and our data practices will continue to be governed by the Fitbit Privacy Policy. We are not sharing our user data with Google, we are partnering with Google to host Fitbit user data, similar to other cloud/hosting service providers. We take our obligation to safeguard users' personal information very seriously and are committed to protecting the privacy and security of our users, while being transparent about our data practices."

Comforting words, but they have done little to allay the concerns of privacy advocates, who see any number of negative outcomes associated with the new partnership. This is a debate that will no doubt be continuing for quite some time to come.